MS12-080 - Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

Discussion in 'Security Alerts' started by News, Dec 11, 2012.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,187
    Likes Received:
    20
    Severity Rating: Critical
    Revision Note: V1.0 (December 11, 2012): Bulletin published.
    Summary: This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

    More...
     

Share This Page

Loading...